
VMware remediates critical zero-day vulnerabilities

Target Industry 

Indiscriminate, opportunistic targeting. 

Overview  

VMware has released security updates for flaws that could allow code execution on systems running vulnerable versions of the Workstation and Fusion software hypervisors. The vulnerabilities are tracked as follows:

CVE-2023-20869: Stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.  

CVE-2023-20870: Out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. 

VMware also addressed the following flaw as a part of the security update release: 

CVE-2023-20871: VMware Fusion contains a local privilege escalation vulnerability.       

Impact  

– Successful exploitation of CVE-2023-20869 could allow threat actors to execute code as the virtual machine’s VMX process running on the host. 

– Successful exploitation of CVE-2023-20870 could allow threat actors to read privileged information contained in the VM hypervisor memory. 

– Successful exploitation of CVE-2023-20871 could allow threat actors with read/write access to the target host operating system to escalate privileges and gain root access to the host OS.

Vulnerability Detection 

VMware has released security updates for these vulnerabilities. Versions that predate those updates are therefore vulnerable to exploitation.

Affected Products 

– VMware Workstation Pro / Player (Workstation) 

– VMware Fusion    

Containment, Mitigations & Remediations 

It is strongly recommended that users of the affected product versions apply the relevant security updates, which can be found at the [VMware advisory page](https://www.vmware.com/security/advisories/VMSA-2023-0008.html).

For CVE-2023-20869 and CVE-2023-20870, the following workaround exists:

– Turn off Bluetooth support on the virtual machine by unchecking the “Share Bluetooth devices with the virtual machine” option.
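To confirm the workaround across many virtual machines, the following added example (not part of the original bulletin and not VMware tooling) scans a directory tree of .vmx files and reports the Bluetooth sharing state of each. It assumes the checkbox is persisted in the .vmx file as `usb.vbluetooth.startConnected`; the sample fragments are constructed.

```python
import re
from pathlib import Path

# Assumption: the "Share Bluetooth devices with the virtual machine" checkbox
# is persisted in the VM's .vmx file under this key (compared in lower case).
BT_KEY = "usb.vbluetooth.startconnected"
# Matches: key = "value". Lines starting with '#' are comments and are skipped.
_LINE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Parse key = "value" lines; keys are lower-cased, the last one wins."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def bluetooth_status(text):
    """Return 'shared', 'disabled' or 'unset' for one .vmx file's contents."""
    value = parse_vmx(text).get(BT_KEY)
    if value is None:
        return "unset"  # key absent: confirm the checkbox in the VM settings
    return "shared" if value.strip().lower() == "true" else "disabled"


def audit(root):
    """Map every .vmx path under root to its Bluetooth sharing status."""
    results = {}
    for path in sorted(Path(root).rglob("*.vmx")):
        results[str(path)] = bluetooth_status(path.read_text(errors="replace"))
    return results


# Constructed sample .vmx fragments (not taken from a real VM).
SAMPLE_SHARED = 'usb.present = "TRUE"\nusb.vbluetooth.startConnected = "TRUE"\n'
SAMPLE_DISABLED = '.encoding = "UTF-8"\nusb.vbluetooth.startConnected = "FALSE"\n'
SAMPLE_UNSET = 'displayName = "build-agent"\nmemsize = "4096"\n'

if __name__ == "__main__":
    import sys
    # Usage: python audit_vmx_bluetooth.py <directory containing VMs>
    for vmx, status in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{status:8} {vmx}")
```

VMs reported as `shared` still need the workaround or the security update; treat `unset` as unverified and check the VM's settings directly.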

Indicators of Compromise 

No specific Indicators of Compromise (IoCs) are available at this time. 

Threat Landscape 

VMware holds a significant share of the virtualisation market. Given that threat actors generally weigh probability of success against asset value when deciding which attack surfaces to focus on, VMware products have become a prime target. Because virtual machines have become integral to both personal and business affairs, threat actors will continue to exploit vulnerabilities in the associated devices in an attempt to extract the sensitive information they contain.

Threat Group 

No attribution to specific threat actors or groups has been identified at the time of writing. 

Mitre Methodologies 

Tactic: 

TA0002 – Execution 

Tactic: 

TA0004 – Privilege Escalation 

Further Information

VMware Advisory